Add sequoia.

Tom Alexander
2025-09-23 21:45:29 -04:00
parent 37abf58271
commit 185c43761c
17 changed files with 375 additions and 22 deletions


@@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./openpgp-card-ssh-agent.nix
];
options.me = {
openpgp_card_tools.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install openpgp-card-tools.";
};
};
config = lib.mkIf config.me.openpgp_card_tools.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
openpgp-card-tools
openpgp-card-tool-git
openpgp-card-ssh-agent
];
nixpkgs.overlays = [
(final: prev: {
openpgp-card-tool-git = (final.callPackage ./package/openpgp-card-tool-git/package.nix { });
openpgp-card-ssh-agent = (final.callPackage ./package/openpgp-card-ssh-agent/package.nix { });
})
];
me.install.user.talexander.file = {
".config/openpgp-card-state/config.toml" = {
source = ./files/openpgp-card-state.toml;
};
};
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true;
}
]
);
}
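Review bot: The overlay that defines `openpgp-card-ssh-agent` sits inside `lib.mkIf config.me.openpgp_card_tools.enable`, while `./openpgp-card-ssh-agent.nix` is imported unconditionally and its `package` option defaults to `pkgs.openpgp-card-ssh-agent`. Setting `services.openpgp-card-ssh-agent.enable = true` without `me.openpgp_card_tools.enable` would therefore likely fail on a missing attribute, unless the package set in use already provides it. Moving `nixpkgs.overlays` out of the `mkIf` removes the coupling. Alternatively, an assertion next to the commented-out `services.openpgp-card-ssh-agent.enable` line could state the dependency.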


@@ -0,0 +1 @@
default_pin_storage = "Pinentry"


@@ -0,0 +1,94 @@
# Upstream to nixpkgs/nixos/modules/services/networking/ssh/openpgp-card-ssh-agent.nix
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkIf
mkOption
mkEnableOption
mkPackageOption
mkDefault
types
concatMapStringsSep
generators
;
cfg = config.services.openpgp-card-ssh-agent;
in
{
options.services.openpgp-card-ssh-agent = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to start openpgp-card-ssh-agent when you log in.
Also sets SSH_AUTH_SOCK to point at openpgp-card-ssh-agent.
'';
};
package = mkPackageOption pkgs "openpgp-card-ssh-agent" { };
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.user.sockets.openpgp-card-ssh-agent = {
wantedBy = [ "sockets.target" ];
description = "A simple ssh-agent backed by OpenPGP card authentication keys";
documentation = [
"https://codeberg.org/openpgp-card/ssh-agent"
"man:ssh-add(1)"
"man:ssh-agent(1)"
"man:ssh(1)"
];
socketConfig = {
ListenStream = "%t/openpgp-card/ssh-agent.sock";
SocketMode = "0600";
DirectoryMode = "0700";
};
};
systemd.user.services.openpgp-card-ssh-agent = {
description = "A simple ssh-agent backed by OpenPGP card authentication keys";
documentation = [
"https://codeberg.org/openpgp-card/ssh-agent"
"man:ssh-add(1)"
"man:ssh-agent(1)"
"man:ssh(1)"
];
after = [ "local-fs.target" ];
requires = [
"openpgp-card-ssh-agent.socket"
# "gnome-keyring-daemon.service"
];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/openpgp-card-ssh-agent -H fd://
'';
};
};
environment.extraInit = ''
if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/openpgp-card/ssh-agent.sock"
fi
'';
assertions = [
{
assertion = cfg.enable -> !config.programs.ssh.startAgent;
message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!";
}
{
assertion = cfg.enable -> !config.programs.gnupg.agent.enableSSHSupport;
message = "You can't use GnuPG agent with SSH support enabled and openpgp-card-ssh-agent at the same time!";
}
];
};
}
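Review bot: The message on the first assertion (the one guarding `!config.programs.ssh.startAgent`) names GnuPG agent rather than this module, so anyone who trips it is pointed at the wrong setting; it looks carried over from another module. Suggested: `message = "You can't use ssh-agent and openpgp-card-ssh-agent at the same time!";`. The `cfg.enable ->` prefix in both assertions is redundant inside `mkIf cfg.enable`. The `let` block also inherits `mkEnableOption`, `mkDefault`, `types`, `concatMapStringsSep` and `generators`, none of which are used in this file.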


@@ -0,0 +1,52 @@
{
lib,
rustPlatform,
fetchFromGitea,
pkg-config,
pcsclite,
dbus,
openssl,
testers,
openpgp-card-ssh-agent,
}:
rustPlatform.buildRustPackage rec {
pname = "openpgp-card-ssh-agent";
version = "0.3.4";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "openpgp-card";
repo = "ssh-agent";
rev = "v${version}";
hash = "sha256-nWbvEsVa7YJsBtVZfLQDB4CiaHP3GEYeYS32+WZv8PE=";
};
cargoHash = "sha256-nG7xebypXv7UAfu7sWbcp4DIhLv4lfzMrQUY6m2iDmw=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
pcsclite
dbus
];
passthru = {
tests.version = testers.testVersion {
package = openpgp-card-ssh-agent;
};
};
meta = with lib; {
description = "An ssh agent that uses OpenPGP cards for your key";
homepage = "https://codeberg.org/openpgp-card/ssh-agent";
license = with licenses; [
asl20 # OR
mit
];
mainProgram = "openpgp-card-ssh-agent";
};
}
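Review bot: `meta` declares no `platforms`, although `buildInputs` links `pcsclite` and `dbus`, so the derivation is presumably treated as available on every system, whether or not it builds there. If Linux is the only intended target, `platforms = lib.platforms.linux;` would make that explicit. `meta = with lib;` also brings all of `lib` into scope for one name; `license = with lib.licenses; [ asl20 mit ];` under a plain `meta = {` is narrower. Both points apply equally to the openpgp-card-tool-git package file that follows.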


@@ -0,0 +1,54 @@
{
lib,
rustPlatform,
fetchFromGitea,
pkg-config,
pcsclite,
dbus,
openssl,
sqlite,
testers,
openpgp-card-tool-git,
}:
rustPlatform.buildRustPackage rec {
pname = "openpgp-card-tool-git";
version = "0.1.6";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "openpgp-card";
repo = "oct-git";
rev = "v${version}";
hash = "sha256-38/JHzCkL3+0IbOacH54A5Hj03oDe9jDzcwp672a8LE=";
};
cargoHash = "sha256-j1Osj2rjLxrSKh82ym6PiIHVO1wLE7Ax2/5+pdRcv+E=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
pcsclite
dbus
sqlite
];
passthru = {
tests.version = testers.testVersion {
package = openpgp-card-tool-git;
};
};
meta = with lib; {
description = "Tool for using OpenPGP cards with git";
homepage = "https://codeberg.org/openpgp-card/oct-git";
license = with licenses; [
asl20 # OR
mit
];
mainProgram = "oct-git";
};
}